Sniffing Out Social Media Disinformation

The raw, edgy nature of social media is part of its charm, and its value. As Cisco’s global threat analyst, I often look at my Twitter feed in the morning before I check mainstream media sites because it provides quick, frequently expert, irreverent analysis on breaking news. In fact, my own concerns about press freedom and objectivity stemming from concentration of mass media ownership arguably strengthens the case for a lively, unregulated social media space. It can serve as a fact checker and whistle blower on traditional news sources. In societies where news outlets may be closely monitored or controlled by the state, social media may provide the only online outlet for uncensored public opinion.

Unfortunately, social media is frequently inaccurate or misleading, with the potential for real-world damage. It isn’t hard to imagine a scenario in which a terrorist coordinates on-the-ground attacks with misleading tweets with the intent to clog roads or phone lines, or send people into the path of danger. Several recent incidents underscore the ease with which social media rumors can compound the impact of real events.

India’s government blocked hundreds of web sites and curbed texts this summer in an attempt to restore calm among Hindu Indians from Assam after someone (possibly a rival group in Pakistan, according to the Indian government) posted threatening photographs and text messages. The rumors prompted thousands of panicked migrant workers to flood train and bus stations.

Many analysts have also begun to raise red flags about the risks of market manipulation through social media disinformation. Services are appearing, such as Help A Reporter Out (HARO), which allow citizen experts to write-in with information for stories being researched by journalists. This service appears to be ripe for manipulation, although I trust that reporters who use the service take steps to vet the write-in volunteers.

Just in the past several weeks, there have been incidents in which market prices appear to have been influenced by social media rumors:

A hijacked Reuters Twitter feed reported that the Free Syrian Army had collapsed in Aleppo. A few days later, a Twitter feed was compromised, and a purported top Russian diplomat tweeted that Syrian President Bashar Al-Assad was dead. Before these accounts could be discredited, oil prices on international markets spiked.

Public worries over a “worldwide bacon shortage” were sparked by a National Pig Association of the United Kingdom press release. Combined with press coverage over the impact on corn prices of a US drought, the comments caused a flurry of articles on a perceived shortage of bacon. The story itself wasn’t inaccurate, but social and mass media coverage made it seem worse than it really was. I have to say, I impulsively made myself a Bacon Lettuce and Tomato sandwich for dinner the day I saw that article.

Ultimately, the un-vetted and conveniently anonymous “spin” a story receives when posted to social media can add to its emotional octane, sometimes with tragic results. This was dramatically illustrated by the outpouring of rage in the Middle East following the posting of an anti-Islamic film on YouTube last month. There are many other examples:

In Bangladesh, Buddhist temples were razed in reaction to a photo of a burned Quran posted on Facebook. Many believed that the photo had been posted by a local Buddhist monk, and angry locals acted before the facts were checked.

As security professionals, our colleagues look to us to separate the wheat from the chaff, particularly if quick action is needed to defend networks from a new virus, alert employees to a bogus phishing attempt, re-route a shipment, or advise employees regarding safety. We want to be on top of the latest stories, but the last thing we want to do is alert our managers to a breaking story that turns out to be a hoax.

The first safeguard against falling for fabricated stories is to confirm the story across multiple sources. In the old days, journalists did this job for us, so that by the time we read or heard the news, it was vetted. These days, journalists are getting their stories from the same Twitter feeds that we are, and if several of us fall for the same story, we can easily mistake re-tweets for triangulation.

Some hoaxes and popular rumors can be vetted against Snopes, a website which debunks thousands of misinformation campaigns. Most of us get practice at this when fielding emails with “!!!TITLES IN ALL CAPS!!!” from Aunt Bertha or with worrying news about a friend who needs an emergency wire transfer to a bank in Belarus. Indeed, with any luck our kids will be better at this than we are, coming up with new technologies to identify hoaxes or even well-meaning rumors. In the meantime, we can fall back on another time-tested method: Refer to the source when repeating a story you have heard. “The sky is falling, according to Chicken Little.” You may even want to check on the source, to see who funds it, and consider ulterior motives and political agendas.

For fast-breaking news requiring quick action, your best bet may be to use the old-fashioned “sniff test.” If the story seems far-fetched, think twice before repeating or citing it. If Iran’s semi-official FARS News Agency had used the sniff test, they might have saved themselves international humiliation when they cited an Onion article that found rural white voters preferred Iranian President Mahmoud Ahmadinejad to US President Obama.

So, when your Twitter feed suggests that a massive meteor is on an immediate collision course for earth, stop, take a breath, and use your nose. It may be true, but you should probably wait and triangulate. It may be better to be a little bit late in reacting, than to be wrong and embarrassed, or worse.

Some of the individuals posting to this site, including the moderators, work for Cisco Systems. Opinions expressed here and in any corresponding comments are the personal opinions of the original authors, not of Cisco. The content is provided for informational purposes only and is not meant to be an endorsement or representation by Cisco or any other party. This site is available to the public. No information you consider confidential should be posted to this site. By posting you agree to be solely responsible for the content of all information you contribute, link to, or otherwise upload to the Website and release Cisco from any liability related to your use of the Website. You also grant to Cisco a worldwide, perpetual, irrevocable, royalty-free and fully-paid, transferable (including rights to sublicense) right to exercise all copyright, publicity, and moral rights with respect to any original content you provide. The comments are moderated. Comments will appear as soon as they are approved by the moderator.